diff options
author | Alex Dowad <alexinbeijing@gmail.com> | 2014-05-01 13:45:32 +0200 |
---|---|---|
committer | Timo Teräs <timo.teras@iki.fi> | 2014-05-01 17:47:27 +0300 |
commit | 618bdff5f21b7b90c40fba93bafa88ceb3e522dc (patch) | |
tree | 04d5bd74aadf9e0c187bd7489eb0a00d870608f2 /src/squark-auth-ip.c | |
parent | b64c621c9de3fa72ff1f1688d8453d99f5cf7352 (diff) | |
download | squark-618bdff5f21b7b90c40fba93bafa88ceb3e522dc.tar.bz2 squark-618bdff5f21b7b90c40fba93bafa88ceb3e522dc.tar.xz |
squark-filter, squark-auth-ip: avoid overflow of login_name buffer
Diffstat (limited to 'src/squark-auth-ip.c')
-rw-r--r-- | src/squark-auth-ip.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/src/squark-auth-ip.c b/src/squark-auth-ip.c index 94c450f..74e0583 100644 --- a/src/squark-auth-ip.c +++ b/src/squark-auth-ip.c @@ -60,7 +60,7 @@ static void handle_line(blob_t line) blob_push(&b, id); if (auth_ok) { blob_push(&b, BLOB_STR(" OK user=")); - blob_push(&b, BLOB_STRLEN(entry.p.login_name)); + blob_push(&b, BLOB_CHAR_ARRAY(entry.p.login_name)); blob_push(&b, BLOB_PTR_LEN("\n", 1)); } else { blob_push(&b, BLOB_STR(" ERR\n")); @@ -210,6 +210,8 @@ int main(int argc, char **argv) return 2; } authdb_clear_entry(&entry); + if (username.len > sizeof(entry.p.login_name)) + username.len = sizeof(entry.p.login_name); /* avoid buffer overflow */ memcpy(entry.p.login_name, username.ptr, username.len); authdb_commit_login(token, &entry, now, &adbc); break; |